summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-10-12smoketest: tftp-server: listen on dummy interface address rather then loopbackChristian Poessinger
2020-10-11tftp-server: T2974: migrate to get_config_dict()Christian Poessinger
2020-10-11broadcast-relay: T2712: enable render trim_blocksChristian Poessinger
2020-10-11smoketest: tftp-server: add initial testcasesChristian Poessinger
2020-10-11tftp-server: T2973: bugfix IPv6 listen address/port combinationChristian Poessinger
The mandatory colon for separating the IPv6 address and port was missing.
2020-10-11nat: T2198: use proper validators for dnat translation addressChristian Poessinger
2020-10-11smoketest: nat: extend snat and add dnat test casesChristian Poessinger
2020-10-11smoketest: nat: concentrate validation logic checksChristian Poessinger
2020-10-09QAT: T2968: add support for Intel Atom C2000 processorChristian Poessinger
2020-10-09login: T2492: remove empty plaintext-password nodeChristian Poessinger
2020-10-08configd: T2931: workaround for suspected zmq bugJohn Estabrook
2020-10-07Merge pull request #563 from lucasec/dns-source-addressChristian Poessinger
pdns_recursor: T2964: Expose query-local-address to dns config.
2020-10-06pdns_recursor: T2964: Expose query-local-address to dns config.Lucas Christian
In certain split DNS configurations, there is a need for more fine-grained control over the local address DNS forwarding uses to issue queries. The current pdns_recursor configuration allows the recursor to send queries from any available address on the interface the OS selects for the query, with no option to limit queries to a particular address or set of addresses. This commit exposes the `query-local-address` option in `recursor.conf` to users via the `service` `dns` `forwarding` `source-address` config node. If the parameter is unspecified, the default value of 0.0.0.0 (any IPv4 address) and :: (any IPv6 address) are used to match current behavior. Users who want more control can specify one or more IPv4 and IPv6 addresses to issue queries from. Per pdns_recursor docs, the recursor will load balance queries between any available addresses in the pools. Since IPv4 and IPv6 are different pools, note that specifying only one type of address will disable issuing queries for the other address family.
2020-10-06openconnect: T2036: reuse accel-name-server.xml.iChristian Poessinger
2020-10-06Merge pull request #565 from sever-sever/T2782Christian Poessinger
conf-mode: T2782: Restart rsyslog after changing timezone
2020-10-06conf-mode: T2782: Restart rsyslog after changing timezonesever-sever
2020-10-06xml: tftp-server: include/reuse port-number.xml.iChristian Poessinger
2020-10-06xml: include: add common helper file for listen-addressChristian Poessinger
2020-10-06Merge pull request #564 from lucasec/doc-updateDaniil Baturin
Update search domain error message to match new validation logic
2020-10-05Update search domain error message to match new validation logic.Lucas Christian
(also converted file to unix line endings)
2020-10-05wireless: T2963: remove default wpa mode key if passphares or RADIUS is unsetChristian Poessinger
Required to not trigger the "Misssing WPA key or RADIUS server" exception due to the new default value added in commit 2a0428bf ("wireless: T2963: set default 'both' on 'security wpa mode'").
2020-10-05wireless: T2963: set default "both" on "security wpa mode"Christian Poessinger
2020-10-05validate: ipv6: mtu: T2427: wireless interface MTU is not configurableChristian Poessinger
Commit 5db3d631 ("ifconfig: mtu: disallow MTU < 1280 bytes when IPv6 is enabled on the interface") checked the "mtu" key for it's value and the test only passed if mtu was larger then the required 1280 bytes when IPv6 address have been configured on the link. wireless (WiFi) interfaces have no MTU node - thus this always resulted in a Python KeyError.
2020-10-05dhcp(v6)-server: T2961: use fqdn validator wnd move to include snippedChristian Poessinger
Migrate the domain-search node (which occurs three times) to an includable snippet. Also re-use the fqdn validator to keep the regex patterns to as few locations as possible.
2020-10-05Merge pull request #562 from lucasec/dhcpv6-statelessChristian Poessinger
dhcpv6: T2961: support stateless dhcpv6 clients
2020-10-05nat: T2951: use proper comments for source/destination loggingChristian Poessinger
For both source and destination NAT always the LOG name contained DST - which is definately false. This has been corrected to use SRC and DST on the appropriate rules.
2020-10-04dhcpv6: T2961: support stateless dhcpv6 clientsLucas Christian
This commit adds support for configuring the DHCPv6 server to serve "stateless" DHCPv6 clients (those that send an information-request message and do not request an address). The change introduces a `common-options` node at the `shared-network-name` level, which allows specifying options applicable to clients regardless of subnet assigned (or in the case of stateless clients, when no subnet is assigned). Parameters specified at the subnet level take precedence over those set at the shared-network level. Presently, only parameters that are meaningful to stateless clients have been exposed under `common-options`, as there is no precedent of exposing parameters at multiple levels under the current DHCPv4 or DHCPv6 configuration syntax. If desired, additional parameters could certainly be added with relative ease.
2020-10-04smoketest: ntp: T2944: fix "allowed-networks statement" testChristian Poessinger
Remove duplicate localhost listen IP addresses. Commit ca61add5e7 ("ntp: T2944: By default do not listen port 123 on any address") explicitly added listen statements for localhost.
2020-10-04sstp: T2960: migrate to get_config_dict() and reusable templatesChristian Poessinger
2020-10-04pppoe-server: T2953: prepare common chap-secrets fileChristian Poessinger
2020-10-04pppoe-server: T2829: shift config migrators by oneChristian Poessinger
As VyOS vrux (1.2.7) requires a mirgator (1-to-2) for the MPPE node change (T2829) we need to shift all other migrators in 1.3 by one. As migrators probe the existance of nodes no negative side-effects are expected.
2020-10-04pppoe-server: migrators: fix python styleChristian Poessinger
2020-10-04pppoe-server: T2829: fix broken migration script (exit called)Christian Poessinger
A test statement was still present in the production code introduced in commit efeac80f8 ("pppoe-server: T2829: migrate 'ppp-options mppe' to leafNode"). This has been fixed.
2020-10-04l2tp: pptp: pppoe-server: T2953: use common Accel-PPP MTU include fileChristian Poessinger
2020-10-04l2tp: pptp: sstp: pppoe-server: T2953: use common include for client-ip-poolChristian Poessinger
2020-10-04pppoe-server: T2953: rename CLI local-ip to gateway-addressChristian Poessinger
Required to get a common CLI for all services provided by Accel-PPP. Once the CLI for each service is consitent - Jinja2 templates can be reused together with get_config_dict().
2020-10-04xml: include: add comment about source filename to every include snippetChristian Poessinger
2020-10-04sstp: T2953: migrate gateway-address, client-ip-settings to common levelChristian Poessinger
* move "network-settings gateway-address" to "gateway-address" * move "network-settings client-ip-settings" to "client-ip-pool"
2020-10-03sstp: T2953: migrate mtu to common levelChristian Poessinger
Preparation before using get_config_dict() and common Jinja2 templates.
2020-10-03smoketest: sstp: pppoe: use common RADIUS testsChristian Poessinger
2020-10-03vpn: sstp: T2008: set DA/CoA default port 1700Christian Poessinger
2020-10-03smoketest: sstp: add basic testsChristian Poessinger
2020-10-03sstp: T2953: migrate name-server settions to common levelChristian Poessinger
In order to reuse as much as possible before migrationg to get_config_dict() and re-use Jinja2 snippets the name-server node must be moved one level up to 'set vpn sstp name-server'.
2020-10-03openvpn: T2957: fix path to openvpn status fileChristian Poessinger
2020-10-03openvpn: T2957: Marcus Hoff
Status file directory for show command was wrong, resulting in no output. Now points to '/var/run/openvpn/{}.status'
2020-10-03smoketest: accel-ppp: prepare common base for multiple accel instance testsChristian Poessinger
2020-10-03pppoe-server: T2936: three IPv6 name-servers are supportedChristian Poessinger
2020-10-03pppoe-server: T2936: move v4/v6 nameserver lists out of for loopChristian Poessinger
2020-10-03Merge remote-tracking branch 'upstream/current' into currentMarcus Hoff
2020-10-03pppoe-server: T2956: make use of defaultValue list featureChristian Poessinger